Bug#1125714: marked as done (Bug# steghide: Stack-based buffer overflow in Embedder.cc)

Debian Bug Tracking System Tue, 23 Jun 2026 08:37:21 -0700

Your message dated Tue, 23 Jun 2026 15:34:38 +0000
with message-id <[email protected]>
and subject line Bug#1125714: fixed in steghide 0.5.1+git20240220-2
has caused the Debian Bug report #1125714,
regarding Bug# steghide: Stack-based buffer overflow in Embedder.cc
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1125714: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125714
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: steghide
Version: 0.5.1
Severity: normal
Tags: security

Dear Maintainer,

I have discovered a stack-based buffer overflow in steghide 0.5.1.
The issue is in src/Embedder.cc where 'sprintf' is used unsafely.

I have published a full analysis and Proof of Concept here:
https://github.com/ErikDervishi03/steghide-buffer-overflow-poc

I have also requested a CVE for this issue.

Best regards,
Erik Dervishi

--- End Message ---

--- Begin Message ---

Source: steghide
Source-Version: 0.5.1+git20240220-2
Done: Sven Geuer <[email protected]>

We believe that the bug you reported is fixed in the latest version of
steghide, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Geuer <[email protected]> (supplier of updated steghide package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 23 Jun 2026 17:12:29 +0200
Source: steghide
Architecture: source
Version: 0.5.1+git20240220-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Security Tools <[email protected]>
Changed-By: Sven Geuer <[email protected]>
Closes: 1119575 1125714
Changes:
 steghide (0.5.1+git20240220-2) unstable; urgency=medium
 .
   * Team upload.
 .
   [ Sven Geuer ]
   * d/p/*: Add patch to keep CXXFLAGS untouched by upstreams build system.
     (Closes: #1119575)
   * d/p/*: Add patch fixing stack-based buffer overflow in Embedder.cc.
     (Closes: #1125714)
   * d/s/lintian-overrides: Removed, not needed anymore.
 .
   [ Alexandre Detiste ]
   * drop "Rules-Requires-Root: binary-targets", not needed anymore
Checksums-Sha1:
 b5a867cbf5c0804fc56e70b74718e585c7a8a87e 2191 steghide_0.5.1+git20240220-2.dsc
 bed1bc8c89e0e1e84e52994f71d04c83ad2434fd 14492 
steghide_0.5.1+git20240220-2.debian.tar.xz
 50689acba03f6f90fd5ef86f08c89b5b74cf0c7e 6706 
steghide_0.5.1+git20240220-2_amd64.buildinfo
Checksums-Sha256:
 d8c9b34f0dc5bcd19e574bf6da17ad130132d9835236f9d58f2d704bda4306e4 2191 
steghide_0.5.1+git20240220-2.dsc
 63c7b43b66773201b653b0269cb1eb84f158da6f79a6a53d885ee21b9e95cbfb 14492 
steghide_0.5.1+git20240220-2.debian.tar.xz
 588c24bf517878235550514e8f0b2c6a5f17e6082905e05687ae4e29ed7cf7a9 6706 
steghide_0.5.1+git20240220-2_amd64.buildinfo
Files:
 3b93afabdb17a1758b859bd6edddbd05 2191 misc optional 
steghide_0.5.1+git20240220-2.dsc
 e6d2f4204290d8f8b89a136004da1b70 14492 misc optional 
steghide_0.5.1+git20240220-2.debian.tar.xz
 56090245b12de7468dea7fabca0a199f 6706 misc optional 
steghide_0.5.1+git20240220-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAmo6o7APHHNnZUBkZWJp
YW4ub3JnAAoJEK31Dtr4rdWFCDcP/2TTaUg9t6MEotX3OK3HoR27PCj9KKLAuU6F
WB7OKVRB9ZsfIekbBGZ7xlX3sOwfLerUjc3KGSKwbrJhyxSLGzyF9GR+kzXaZRWS
koTwvEyJw1SHDr6gjthhFnDlo5/qwVINZJKEvBwJQnCuWLNtq3RfgBeU3HPdbzgo
QK/bg7ny6HLEhCBp2vuDLLeGbR8sn8vRyMRubeIULbtfnfaH0bSE+mHj7C004wKQ
jZEMgqbnxqhpOWZG7dLzlxF9FRvwhraT/wSlMzWovRT2zlMoFet0apaiumWHDL1d
wgUPtifBL5hV8aVprotUwEELjlTwMaNTtSwpxnYEOZGc6vHCVYGsG8p3P2l7Vo8Z
Dd+wMN1m9ymxWr+4Z3HotYw8bYqZmBR/kjcgrsS9h4t7gJ7gnvBHsVyTJW5xbdRy
epY/dIxBrrB6g2KUchpFQv9AMlDDrJJTXDOrHS/Cy/oYPEeqV26D1eIcE2akLGWw
oKxxQ6LqI9N9PbblaaP/LLnWh3/8DjIdkqxC8xrThOtY4p+v3PNykPQ8+FE6M/FB
G7Tq4by0w5dRlGqjFKaYwSmQxyKAEcKYQcKUQ59kDPyw8QGBr5JXMyDjAMxVJjOJ
4xqTDSEgWcfQUa6qIp5rIbQ+ffuO6cYLF0P5iQc41L37ufzZ5KBwUgBqDWJr5C/Z
gLhEMCee
=myDe
-----END PGP SIGNATURE-----

pgp4OoesSr8AJ.pgp
Description: PGP signature

--- End Message ---

Bug#1125714: marked as done (Bug# steghide: Stack-based buffer overflow in Embedder.cc)

Reply via email to